2 files changed, 68 insertions, 15 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 22217b1..7555fe6 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1084,6 +1084,23 @@ in
      description = "Websites configurations";
      type = submodule {
        options = {
+          immae = mkOption {
+            description = "Immae configuration by environment";
+            type = submodule {
+              options = {
+                temp = mkOption {
+                  description = "Temp configuration";
+                  type = submodule {
+                    options = {
+                      ldap = mkLdapOptions "Immae temp" {
+                        filter = mkOption { type = str; description = "Filter for user access"; };
+                      };
+                    };
+                  };
+                };
+              };
+            };
+          };
          isabelle = mkOption {
            description = "Isabelle configurations by environment";
            type =
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index c24844e..fd54f5e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@
 { lib, pkgs, config,  ... }:
 let
  cfg = config.myServices.websites.immae.temp;
-  varDir = "/var/lib/ftp/temp.immae.eu";
+  varDir = "/var/lib/immae_temp";
-  env = config.myEnv.websites.temp;
+  env = config.myEnv.websites.immae.temp;
 in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
  config = lib.mkIf cfg.enable {
-    services.websites.env.production.modules = [ "headers" ];
+    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
+    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
    services.websites.env.production.vhostConfs.immae_temp = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "temp.immae.eu" ];
-      root        = varDir;
+      root        = null;
-      extraConfig = [
+      extraConfig = [ ''
-        ''
+        ProxyVia On
-        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        ProxyRequests Off
-        <Directory "${varDir}">
+        ProxyPreserveHost On
-          Options -Indexes
+        ProxyPass         / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+        ProxyPassReverse  / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+        <Proxy *>
+          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
-        </Directory>
+        </Proxy>
+      '' ];
+    };
+    secrets.keys = [
+      {
+        dest = "webapps/surfer";
+        permissions = "0400";
+        user = "wwwrun";
+        group = "wwwrun";
+        text = ''
+          CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+          TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+          CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+          CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+          CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+          LISTEN=/run/surfer/listen.sock
+        '';
+      }
+    ];
+    systemd.services.surfer = {
+      description = "Surfer";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
-        <DirectoryMatch "${varDir}/(.+)">
+      script = ''
-          Options Indexes
+        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
-        </DirectoryMatch>
+      '';
-        ''
+      serviceConfig = {
-      ];
+        EnvironmentFile = "/var/secrets/webapps/surfer";
+        User = "wwwrun";
+        Group = "wwwrun";
+        StateDirectory = "surfer";
+        RuntimeDirectory = "surfer";
+        Type = "simple";
+      };
    };
  };
 }

diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 22217b1..7555fe6 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix
@@ -1084,6 +1084,23 @@ in
1084	description = "Websites configurations";	1084	description = "Websites configurations";
1085	type = submodule {	1085	type = submodule {
1086	options = {	1086	options = {
		1087	immae = mkOption {
		1088	description = "Immae configuration by environment";
		1089	type = submodule {
		1090	options = {
		1091	temp = mkOption {
		1092	description = "Temp configuration";
		1093	type = submodule {
		1094	options = {
		1095	ldap = mkLdapOptions "Immae temp" {
		1096	filter = mkOption { type = str; description = "Filter for user access"; };
		1097	};
		1098	};
		1099	};
		1100	};
		1101	};
		1102	};
		1103	};
1087	isabelle = mkOption {	1104	isabelle = mkOption {
1088	description = "Isabelle configurations by environment";	1105	description = "Isabelle configurations by environment";
1089	type =	1106	type =


diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix index c24844e..fd54f5e 100644 --- a/modules/private/websites/immae/temp.nix +++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@
1	{ lib, pkgs, config, ... }:	1	{ lib, pkgs, config, ... }:
2	let	2	let
3	cfg = config.myServices.websites.immae.temp;	3	cfg = config.myServices.websites.immae.temp;
4	varDir = "/var/lib/ftp/temp.immae.eu";	4	varDir = "/var/lib/immae_temp";
5	env = config.myEnv.websites.temp;	5	env = config.myEnv.websites.immae.temp;
6	in {	6	in {
7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";	7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
8		8
9	config = lib.mkIf cfg.enable {	9	config = lib.mkIf cfg.enable {
10	services.websites.env.production.modules = [ "headers" ];	10	services.duplyBackup.profiles.immae_temp.rootDir = varDir;
		11	services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
11	services.websites.env.production.vhostConfs.immae_temp = {	12	services.websites.env.production.vhostConfs.immae_temp = {
12	certName = "immae";	13	certName = "immae";
13	addToCerts = true;	14	addToCerts = true;
14	hosts = [ "temp.immae.eu" ];	15	hosts = [ "temp.immae.eu" ];
15	root = varDir;	16	root = null;
16	extraConfig = [	17	extraConfig = [ ''
17	''	18	ProxyVia On
18	Use Apaxy "${varDir}" "title .duplicity-ignore"	19	ProxyRequests Off
19	<Directory "${varDir}">	20	ProxyPreserveHost On
20	Options -Indexes	21	ProxyPass / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
		22	ProxyPassReverse / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
		23	<Proxy *>
		24	Options FollowSymLinks MultiViews
21	AllowOverride None	25	AllowOverride None
22	Require all granted	26	Require all granted
23	</Directory>	27	</Proxy>
		28	'' ];
		29	};
		30
		31	secrets.keys = [
		32	{
		33	dest = "webapps/surfer";
		34	permissions = "0400";
		35	user = "wwwrun";
		36	group = "wwwrun";
		37	text = ''
		38	CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
		39	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
		40	TOKENSTORE_FILE=/var/lib/surfer/tokens.json
		41	CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
		42	CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
		43	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
		44	CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
		45	LISTEN=/run/surfer/listen.sock
		46	'';
		47	}
		48	];
		49
		50	systemd.services.surfer = {
		51	description = "Surfer";
		52	wantedBy = [ "multi-user.target" ];
		53	after = [ "network.target" ];
24		54
25	<DirectoryMatch "${varDir}/(.+)">	55	script = ''
26	Options Indexes	56	exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
27	</DirectoryMatch>	57	'';
28	''	58	serviceConfig = {
29	];	59	EnvironmentFile = "/var/secrets/webapps/surfer";
		60	User = "wwwrun";
		61	Group = "wwwrun";
		62	StateDirectory = "surfer";
		63	RuntimeDirectory = "surfer";
		64	Type = "simple";
		65	};
30	};	66	};
31	};	67	};
32	}	68	}